<?php
/********************************************************/
/* Module Name: addnewcase.php						    */
/* Description: add new case into casereferred table */
/* Written by: Maria Cielo Carreno							*/
/********************************************************/

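 // Marker constant; presumably checked by included files to refuse direct
 // access -- NOTE(review): confirm against connect-db.php.
 define("IDS",1);
 session_start();

 // Require a logged-in session. header() only queues the redirect; without
 // exit the rest of this script (database lookup included) would still run
 // for a request that has no valid session.
 if (empty($_SESSION['myusername']) || empty($_SESSION['seedval'])) {
     header("location:main_login.php");
     exit;
 }

 // The "id" query parameter must match the per-session seed value.
 // Both sides are compared as strings: a loose comparison (!=) treats a
 // missing or empty id as equal to an unset seed, and an array-valued id
 // would not compare meaningfully.
 $requestId   = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
 $sessionSeed = (string) $_SESSION['seedval'];

 // hash_equals() (PHP >= 5.6) compares in constant time; fall back to a
 // strict comparison on older runtimes.
 $idMatches = function_exists('hash_equals')
     ? hash_equals($sessionSeed, $requestId)
     : ($sessionSeed === $requestId);

 if (!$idMatches) {
     // Stop here: previously the page only printed the message and carried
     // on, so the check was never enforced.
     header('HTTP/1.1 403 Forbidden');
     exit('Security breakage!');
 }

 $id = $requestId;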

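 /**
  * Print the complete "Case Number Validation" HTML page.
  *
  * All dynamic values are HTML-escaped here, at the point of output, so the
  * page stays safe even if a caller passes unescaped text.
  *
  * @param string $caseId Value pre-filled into the "Case No" text field.
  * @param string $error  Plain-text error message; the red error box is
  *                       printed only when this is not an empty string.
  * @return void Output is written directly to the response.
  */
 function renderForm($caseId,$error)
 {
     // double_encode = false: callers in this file pass values that already
     // went through htmlspecialchars(), so existing entities are left alone.
     // NOTE(review): assumes the page is served as UTF-8 -- confirm.
     $safeCaseId = htmlspecialchars((string) $caseId, ENT_QUOTES, 'UTF-8', false);
     $safeError  = htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8', false);

     // The user id is placed in a URL query string, so URL-encode it; the
     // encoded form contains no characters that are special inside an HTML
     // attribute.
     $logoutId = isset($_SESSION['userid']) ? urlencode((string) $_SESSION['userid']) : '';
 ?>
 <html>
 <head>
 <link href="default.css" rel="stylesheet" type="text/css" />
 <title>validate Case</title>
 </head>
 <body>
 <div id="fulladmin">
  <table border="0">
  <tr><th>
 <center><h1>Case Number Validation</h1><br>
 </th></tr>
 <tr><td>

 <?php

     // if there are any errors, display them
     if ($error != '')
     {
         echo '<div style="padding:4px; border:1px solid red; color:red;"><center>'.$safeError.'</center></div>';
     }
 ?> 
 
 <form action="" method="post">
 <table border="0">
  <tr><td></td></tr>
  <tr><td></td></tr>
  <tr><td></td></tr>
  <tr><td></td></tr>
  <tr><td><strong>Case No: </strong> </td><td><input type="text" name="caseId" value="<?php echo $safeCaseId; ?>" /> </td></tr>
 <tr><td></td><td>
	<input type="submit" name="submit" value="Submit">
	<input type="submit" name="back" value="Back">
 </td></tr>
 </table>
 </td></tr>
 </table>
 </form> 
 </div>
 <div id="footer"><center>Return to main <a href="dashboard.php"><font color="red">Dashboard</font></a>, or you can <a href="log_out.php?id=<?php echo $logoutId; ?>"><font color="red">Log Out</font></a></center></div>

 </body>
 </html>
 <?php 
 }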
 
 
 

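 // Form handling: check whether the submitted case number already exists in
 // the casereferred table, then either report the duplicate or hand over to
 // addnewcase.php.

 // Nothing below may run without a validated request id. The check earlier
 // in this file leaves $id unset (or empty) when validation fails, so stop
 // before opening a database connection or processing POST data.
 if (empty($id)) {
     exit;
 }

 // connect to the database (once is enough for the whole request)
 include('connect-db.php');

 // NOTE(review): the mysql_* extension was removed in PHP 7. Moving to
 // mysqli/PDO prepared statements would replace the manual escaping below,
 // but it also requires changing connect-db.php, which is not visible here.

 // check if the form has been submitted. If it has, validate the case number
 if (isset($_POST['submit']))
 {
     // Accept only a plain string field; a missing or array-valued field is
     // treated as empty and rejected below.
     $rawCaseId = (isset($_POST['caseId']) && is_string($_POST['caseId'])) ? $_POST['caseId'] : '';

     // NOTE(review): htmlspecialchars() at input time alters the value used
     // for the lookup; it is kept because other pages may store case numbers
     // in the same form -- confirm before removing.
     $caseId = mysql_real_escape_string(htmlspecialchars($rawCaseId));

     if ($caseId == '')
     {
         // generate error message
         $error = 'ERROR: Please fill in all required fields!';

         renderForm($caseId,$error);
     }
     else
     {
         // verify the case against the database first
         $sql_script = 'SELECT * FROM casereferred WHERE CaseNo="'.$caseId.'"';

         $result = mysql_query($sql_script);
         if ($result === false)
         {
             // Keep driver error text in the server log; echoing it to the
             // browser discloses query and schema details.
             error_log('casereferred lookup failed: '.mysql_error());
             die('ERROR: Unable to verify the case number. Please try again later.');
         }

         if (mysql_num_rows($result) > 0)
         {
             $error = 'Case No.'.$caseId.' already exist!';
             renderForm("",$error);
         }
         else
         {
             // URL-encode both values so characters such as "&", "#" or
             // spaces cannot change the structure of the redirect URL.
             header("Location: addnewcase.php?id=".urlencode($id)."&caseno=".urlencode($caseId));
             exit;
         }
     }
 }
 else
 // if the form hasn't been submitted, display the form
 {
     $error = '';
     $caseId = '';
     if (isset($_POST['back']))
     {
         header("Location: dashboard.php");
         exit;
     }
     else
     {
         renderForm($caseId,$error);
     }
 }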
?> 